https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

Chris Adams cmadams at hiwaay.net
Thu Jul 24 08:02:51 CDT 2008


Once upon a time, Robert Kisteleki <robert at ripe.net> said:
> I understand this is a huge can of worms, but maybe it's time to change the 
> default behavior of browsers from http to https...?

This is a _DNS_ vulnerability.  The Internet is more than HTTP(S).

Think about email (how many MTAs do TLS and validate the certs?).  Even
things like BitTorrent require valid DNS (how about MPAA/RIAA poisoning
the cache for thepiratebay?).

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




More information about the NANOG mailing list